Competitive Analysis SonicWALL SOHO2 and TELE2 versus NetScreen-5XP August 2001 2 NetScreen-5XP - Product Overview The NetScreen-5XP, a dedicated security appliance for the SOHO market, combines wire-speed performance with stateful packet firewalling, and VPN encryption. The NetScreen-5XP provides an embedded real-time OS and a custom-built VPN ASIC on NetScreen s proprietary hardware platform. The NetScreen-5XP performs standard firewall functions, like Network Address Translation and protection from Denial of Service attacks, but it also includes bandwidth management and a built-in DHCP server. The NetScreen-5XP is positioned as a multi-functional, high-performance security solution for small and medium-size businesses. Management of the NetScreen-5XP may be performed through a Web user interface, a command line interface, or from the NetScreen-Global Manager. SonicWALL Advantages Over the NetScreen-5XP Price/Performance SonicWALL SOHO2 and TELE2 deliver superior network security at a lower overall cost. The SonicWALL SOHO2, at $495, provides 75Mbps firewalling, IP address translation, IP address management, and free firmware upgrades. The SonicWALL TELE2, priced at $595, provides the same comprehensive security features of the SonicWALL SOHO2, but also includes IPSec VPN encryption. The NetScreen-5XP costs $495, but only offers 10Mbps firewall throughput and requires the purchase of expensive maintenance programs for software upgrades and technical support. Complete Range of Integrated Security Services SonicWALL offers a complete suite of security upgrades and services that integrate seamlessly with its Internet security appliances. Web content filtering, anti-virus protection, and digital certificate authentication services are available with the SOHO2 and TELE2. NetScreen recommends third-party solutions, such as Websense for content filtering, at a minimum price of $1,395 a year, not including the cost of an additional server. Free Technical Support and Software Upgrades SonicWALL, Inc. provides free firmware upgrades for the life of their products, free standard technical support, and offers affordable premium support programs. In order to receive technical support and software packages for the NetScreen-5XP, NetScreen customers must purchase annual $150 support contracts. Simple Setup and Management The SonicWALL SOHO2 and the TELE2 may be installed and configured in minutes through an installation wizard. The NetScreen product line was originally designed for enterprise administrators, so configuration is complex and difficult to master. A NetScreen administrator must create complicated network objects before defining firewall and VPN policies; a single VPN tunnel entails the set up of internal and external network objects, encryption and IKE keys, and inbound and outbound policies, configured in 4 separate sections. SonicWALL Global Management System SonicWALL offers SonicWALL Global Management System, a powerful and scalable security management solution that allows enterprises and service providers to centrally manage thousands of SonicWALLs across geographically distributed networks. Company History and Financial Stability SonicWALL, Inc. is a profitable and publicly traded company. SonicWALL s strong financial position helps to ensure that its customer base will always receive service and support as well as new products to address their ongoing network security needs. NetScreen Technologies is privately held and expects to reach profitability in FY2002.
NetScreen-5XP In 1999, NetScreen Technologies introduced the NetScreen-5, a dedicated small office/home office firewall, to complement its enterprise NetScreen-10 and NetScreen-100 appliances. NetScreen announced in June 2001 its second-generation NetScreen-5XP, which provides a faster ASIC and more memory than the original NetScreen-5, but maintains the same features set of its predecessor. The NetScreen-5XP comes in two models, the 10 user NetScreen-5XP and the unlimited user NetScreen-5XP Elite. Firewall Security The NetScreen-5XP performs stateful packet firewalling, Network Address Translation, and DoS attack prevention. The NetScreen-5XP is positioned as a multi-functional security solution for small offices and telecommuters. It also includes VPN encryption, traffic shaping functionality, and a built-in DHCP server. The NetScreen-5XP does not provide application-level security tools, such as Web content filtering, e-mail attachment blocking, or anti-virus protection, although Web traffic may be vectored to a proxy server for content filtering. Service and Support NetScreen Technologies provides basic technical support for 30 days after product registration. After the 30-day period expires, customers may purchase technical support contracts for $100 per year. NetScreen offers software updates for 90 days after product shipment from NetScreen headquarters; after that date, customers must purchase $150 annual software subscriptions to receive up-to-date software. NetScreen also applies a number of hidden fees and costs to customers; virtually all services must be purchased through per-incidence programs and subscriptions and a $150 fee is charged to reset the NetScreen-5XP s password. Management The NetScreen-5XP may be configured from a Web browser, a command line interface, an SSH session, or securely managed via SSL with the purchase of annual $349 digital certificates from Verisign. For centralized management, NetScreen Technologies offers the NetScreen-Global Manager which starts at $4,995 for a 10-device license and costs $9,995 for a 25-device license. Key Features: Affordable Price Bundled VPN Capabilities 10Mbps Encryption Speed Bandwidth Management Small Form Factor Limitations: 10Mbps Maximum Performance No Application-Level Filtering No Integrated Web Blocking No Anti-Virus Enforcement Limited 30-Day Technical Support Expensive Software Subscription Restricted VPN Client Management Inability to Reset Firewall Password No Performance Expandability IPSec VPN The NetScreen-5XP s strongest advantage is its encryption speed; the NetScreen-5XP supports 10Mbps 3DES VPN throughput. The NetScreen-5XP interoperates with NetScreen s optional VPN Client software. However, the NetScreen-5XP does not offer a means for simple, scalable VPN Client deployment or an integrated digital certificate service for VPN Client authentication. Technical Specifications for the NetScreen-5XP Firewall Proprietary, hardened real-time operating system and custom-built hardware PowerPC Processor 4MB RAM (2) 10 Mbps Ethernet interfaces 5 x 6 x 1.25 metal-enclosed chassis NetScreen-5XP Series US List Price NetScreen-5XP $495 NetScreen-5XP Elite $995 NetScreen-5XP Software Subscription $150/Year NetScreen-5XP Support Service $100/Year
SonicWALL Advantages Over NetScreen SonicWALL SOHO2 and TELE2 10/100 Fast Ethernet Performance The SonicWALL SOHO2 and TELE2 offer exceptional value, functionality, and performance. Both the SonicWALL SOHO2 and the SonicWALL TELE2 include 10/100 Fast Ethernet ports, offering up to 75Mbps throughput speeds. NetScreen-5XP The NetScreen-5XP cannot match the performance of the SonicWALL SOHO2 and TELE2. The NetScreen-5XP only supports 10Mbps throughput, reducing the speed between computers on a 10/100Mbps network and servers on an Intranet or an Extranet. Simple Setup and Management SonicWALL products are extremely easy to install and configure. The SonicWALL Web User Interface includes an installation wizard, default security settings, and an intuitive setup to simplify management. The NetScreen-5XP does not provide a configuration wizard, and requires the NetScreen administrator to create complicated network objects in order to define firewall and VPN policies. Firmware Updates SonicWALL, Inc. provides free firmware updates for the lifetime of their products. Updates include new security features and up-to-date defenses against the latest attacks. SonicWALL administrators are automatically notified of new updates and firmware may be downloaded directly to the unit, avoiding a time-consuming upgrade process. Software updates are only available for the first 90 days after purchasing the NetScreen-5XP. After this period, customers must purchase annual software subscriptions, at a cost of $150 per year per NetScreen-5XP device. And NetScreen Technologies does not notify NetScreen administrators when new software is available. Web Content Filtering SonicWALL provides affordable, integrated content filtering. An annual SonicWALL Content Filter List subscription costs $75 for the TELE2 and $175 for the SOHO2. In addition, the SOHO2 and TELE2 include customized blocking by keyword and domain name. NetScreen supports content vectoring but requires the purchase of 3 rd party software and an additional server. Websense, the recommended content provider, costs a minimum of $1,395 per year, not including the purchase and set up of an additional server. Anti-Virus Protection SonicWALL, Inc. offers Network Anti-Virus, a policyenforced anti-virus solution. Network Anti-Virus provides immediate-response virus file updates and comprehensive reports of virus activity. NetScreen does not offer an integrated anti-virus solution. Without policy enforcement and immediate updates, users can disable their desktop anti-virus software and introduce vulnerabilities to viruses or remotely administered Trojans. Integrated VPN Authentication SonicWALL Authentication Service provides an integrated digital certificate service that is affordable and easy to manage. NetScreen s PKI solution requires customers to purchase and set up expensive third-party Registration and Certificate Authority servers and LDAP Directory servers. Global Management SonicWALL s Global Management System (GMS) offers a powerful, advanced means of managing multiple SonicWALL Internet security appliances. SonicWALL GMS can create sophisticated multi-layer device groupings and can manage and deploy policies at the unit, group, or global level. SonicWALL GMS scales to easily manage thousands of SonicWALL SOHO2 and TELE2 devices. The NetScreen-Global Manager can only support device management at the unit level and most configuration changes require the administrator of NetScreen-Global Manager to login into each individual device. The NetScreen-Global Manager s limited hierarchical structure and device management greatly hinder scalability and configuration.
NetScreen Claims and SonicWALL Counters NetScreen Claims Wire Speed VPN The NetScreen-5XP performs wire speed 10Mbps DES and 3DES VPN encryption. SonicWALL Counters While the NetScreen-5XP s DES and 3DES throughput exceeds the respective VPN throughput of the SonicWALL SOHO2 and TELE2, both the SonicWALL SOHO2 and the TELE2 deliver more than 7 times the firewall speed of the NetScreen-5XP. The SonicWALL SOHO2 and the TELE2 include 10/100 Fast Ethernet ports, providing up to 70Mbps throughput from the LAN to the WAN. In addition to DES and 3DES encryption, the SonicWALL SOHO2 and the SonicWALL TELE2 also provide ARCfour, a fast stream cipher algorithm that, to this date, has never been decoded. With ARCfour, the SonicWALL SOHO2 and TELE2 deliver 15Mbps VPN throughput, far exceeding the VPN encryption speed available with the NetScreen-5XP. Traffic Shaping The NetScreen-5XP includes bandwidth management, allowing an administrator to prioritize inbound and outbound firewall traffic. The NetScreen-5XP s traffic shaping capabilities allow a NetScreen administrator to throttle bandwidth. But NetScreen s bandwidth management cannot perform granular control by network users or groups of users or manage bandwidth at the application level. Additionally, enabling traffic shaping introduces latency and reduces the NetScreen-5XP s throughput speed. Because the SonicWALL SOHO2 and TELE2 provide faster firewall throughput than the NetScreen-5XP, the need to throttle specific types of traffic is less advantageous. Low Price The NetScreen-5XP (10 User) costs only $495 and includes VPN encryption functionality standard. For small offices and telecommuters, SonicWALL offers the affordable $595 SonicWALL TELE2 with VPN encryption and support for 5 VPN Security Associations. And because all SonicWALL Internet security appliances include free firmware updates, free standard technical support, and inexpensive premium support options, the SonicWALL SOHO2 and TELE2 provide superior price/ performance and a lower overall total cost of ownership. Advanced VPN Capabilities The NetScreen-5XP, with 10Mbps 3DES throughput and support for LDAP, PKI certificates, and an internal list of authenticated users. SonicWALL introduced sophisticated, new VPN features with the recent 6.1.1.0 SonicWALL firmware release. New features include VPN NAT, VPN Rules, VPN routing, and enhanced VPN logging. These features, in addition to SonicWALL s simple, scalable VPN client deployment and powerful global management of VPN through SGMS, make SonicWALL the superior VPN solution.
SonicWALL SOHO2 SonicWALL TELE2 NetScreen-5XP NetScreen-5XP Elite GENERAL U.S. List Price 1 $495 $595 $495 $995 IPSec VPN encryption Optional Included Included Included Number of Users 10 5 10 Unlimited FIREWALL ICSA Firewall Certification Yes Yes Yes Yes Type of packet filtering Stateful Packet Stateful Packet Stateful Packet Stateful Packet Firewall Throughput 2 75Mbps 75Mbps 10 Mbps 10 Mbps Number of Concurrent Sessions 3072 3072 2000 2000 Transparent Mode Yes Yes Yes Yes Network Address Translation Yes Yes Yes Yes DoS, DDoS Protection Yes Yes Yes Yes Predefined Services Yes Yes Yes Yes Network Access Rules Yes Yes Yes Yes VALUE ADDED SERVICES Vulnerability Assessment Integrated solution Integrated solution No No Antivirus Filtering/Management Integrated solution Integrated solution No No Web Filter List Blocking Integrated solution Integrated solution 3 rd Party Support 3 rd Party Support Custom Web Blocking Yes Yes No No Email Attachment Filtering Executable, VB Script Executable, VB Script No No Malicious Code Filtering Java, ActiveX, Proxy, EXE, Cookies, Certs Java, ActiveX, Proxy, EXE, Cookies, Certs Java, ActiveX, EXE Java, ActiveX, EXE NETWORKING SUPPORT VPN Client pass through Yes Yes No No PPPoE/DHCP Client Support Yes Yes Yes Yes DHCP Server Support Yes Yes Yes Yes Maximum Static Routes 64 64 16 16 MANAGEMENT Management Method Web Browser, CLI Web Browser, CLI Web Browser, CLI Web Browser, CLI Remote Management Encrypted Mgmt Encrypted Mgmt Encrypted Mgmt Encrypted Mgmt Global Management SonicWALL GMS SonicWALL GMS NS Global Manager NS Global Manager SNMP Management V1.0 MIB-II V1.0 MIB-II V1.0 MIB-II V1.0 MIB-II Diagnostic Tools Ping, Trace Route, DNS Lookup, Network Path Ping, Trace Route, DNS Lookup, Network Path High Availability/Failover No No No No LOGGING / ALERTING Logging Syslog Syslog Syslog Syslog Alerting Email & Pager Support Email & Pager Support Email & Pager Support Email & Pager Support SUPPORT Firmware Updates Free for life of product Free for life of product $150/year (after 90 days) $150/year (after 90 days) Firmware Update Method Web Browser Web Browser Web Browser Web Browser Standard Technical Support 1 Year 1 Year 30 Days 30 Days VPN Encryption Methods 3DES, DES, ARCfour 3DES, DES, ARCfour 3DES, DES 3DES, DES Authentication MD5, SHA-1 MD5, SHA-1 MD5, SHA-1 MD5, SHA-1 Key Management IKE, Manual IKE, Manual IKE, Manual IKE, Manual VPN Interoperability Ping Ping Maximum VPN Tunnels 10 5 10 10 ARCfour VPN Throughput 3 15 Mbps 15 Mbps Not Available Not Available DES VPN Throughput 3 5 Mbps 5 Mbps 10 Mbps 10 Mbps 3DES VPN Throughput 3 2Mbps 2 Mbps 10 Mbps 10 Mbps Perfect Forward Secrecy Yes Yes Yes Yes Prevent Replay Attacks Yes Yes Yes Yes Hub and Spoke/Star Support Yes Yes Yes Yes User Authentication RADIUS, SecureID, NT RADIUS, SecureID, NT RADIUS, SecureID (natively), NT, LDAP RADIUS, SecureID (natively), NT, LDAP PKI/Digital Certificate Support Integrated Solution Integrated Solution 3 rd Party Solution 3 rd Party Solution VPN Client Access Yes Yes Yes Yes 1 All prices are in US dollars. International prices may vary. 2 Unidirectional firewall throughput at 1024 bit packet size 3 Unidirectional VPN throughput at 512 bit packet size